128 matches found
CVE-2023-25156
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt brute-force attacks against the login page. Users should upgrade to v12.0 or later to receive a patch. As a workaround, users may install and configure a...
EUVD-2023-2090
Malicious code in bioql PyPI...
EUVD-2023-1647
Malicious code in bioql PyPI...
EUVD-2023-0290
Malicious code in bioql PyPI...
EUVD-2023-26613
Malicious code in bioql PyPI...
EUVD-2023-1663
Malicious code in bioql PyPI...
EUVD-2023-0656
Malicious code in bioql PyPI...
EUVD-2023-0835
Malicious code in bioql PyPI...
EUVD-2023-1233
Malicious code in bioql PyPI...
EUVD-2023-0650
Malicious code in bioql PyPI...
EUVD-2023-1299
Malicious code in bioql PyPI...
CVE-2023-22451
Kiwi TCMS is an open source test management system. In version 11.6 and prior, when users register new accounts and/or change passwords, there is no validation in place which would prevent them from picking an easy to guess password. This issue is resolved by providing defaults for the...
CVE-2023-36809
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangero...
CVE-2023-30544
Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...
CVE-2023-32686
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...
CVE-2023-30628
Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior, the changelog.yml workflow is vulnerable to command injection attacks because of using an untrusted github.head_ref field. The github.head_ref value is an attacker-controlle...
CVE-2023-30613
Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an .exe file or a file containing embedded...
CVE-2023-25171
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
CVE-2023-33977
Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...
MAL-2024-10491 Malicious code in tcms-malicious-package-test-1 (npm)
Source: ghsa-malware (ecbe4f00487fb7bbadba6c2153a5c851ce1c61ce032ba09f3d69c53b49bd0f48). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...